Security Assist - help with access rules

The site will allow people to log in to various pages, but only a subset of all users will be able to add new tour itineraries to the site.

I have my table of users, with a column for User_Level - currently 1, 2, and 3.

I have it all working so that anyone can log in.

But am going wrong in restricting some pages to users with a User_Level of 3.

I have attached the page I am testing, along with a screen shot of the Access Rules Manager dialogue box. The first condition is for people logged in, and I have added a second condition to only grant access to the page when the User_Level session variable = 3.

Which I thought was it, but I'm missing something, as it isn't working yet.

Actually, I was going through some of the archived documentation for SA, and noticed that in the example there, the rule only had the second condition, without the original one to be logged in. I tried taking that out in my example, and it looks like its working now.

Does that sound about right?

One other question on this - if I have one set of pages that are restricted to one group, and another set of pages restricted to a second group, what would the rule be to allow a third group access to both sets of pages?